Hi, > I got the following error message and enforcer could not restarted > > [root@ns2 ~]# ods-control start > Starting enforcer... > OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 9473 > Could not start enforcer > [root@stage-ns2 ~]# tail -f /var/log/messages > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Connecting to Database... > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy default found. > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off. > Aug 30 01:03:27 stage-ns2 ods-enforcerd: No zones on policy default, > skipping... > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy DotMasr found. > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off. > Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 zone(s) found on policy "Dot2" > Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 new KSK(s) (2048 bits) need to be > created for policy Dot2: keys_to_generate(1) = keys_needed(1) - > keys_available(0). > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Error creating key in repository > SoftHSM-KSK > Aug 30 01:03:27 stage-ns2 ods-enforcerd: generate key pair: CKR_GENERAL_ERROR
What do you have in softhsm.conf (/etc/softhsm.conf) ? Is the user account used for ods-enforcerd able to access the files defined in softhsm.conf (can change to the directory and read/write the files). Does your opendnssec/conf.xml <Repository> / <TokenLabel> match what you get with "softhsm --show-slots" ? -Jarno -- Jarno Huuskonen _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
